Fortify on Demand

Fortify on Demand dynamic assessments

Dynamic assessments, powered by WebInspect, mimic real-world hacking techniques and attacks. It uses automated, interactive, and manual techniques to provide comprehensive analysis of complex web applications and services.

Eye
Real-world hacking

Mimic real-world hacking techniques and attacks on targeted applications.

Expand
Comprehensive security analysis
Provide comprehensive security analysis of complex web applications and web services.
Detect exploitable vulnerabilities
Crawl the entire attack surface to find exploitable vulnerabilities.
Thin Bld
Test internal applications
Can test internal applications through Site to Site VPN or whitelisting Fortify on Demand’s official data center IP addresses.

Dynamic application security software

WebInspect is the cornerstone of Fortify on Demand DAST and is the industry-leading dynamic web application security assessment solution.

Our dedicated application security experts manually analyze scan results

Some of the tasks performed by the Fortify on Demand testing team include:

  • Development of authentication macros if needed
  • Validation of scan coverage
  • Removal of false positives
Our dedicated application security experts manually analyze scan results
Fortify on Demand includes an active IAST option for:
  • Improved coverage (all major components of the attack surface are tested)
  • Greater accuracy (Fewer false positives are generated)
  • Faster remediation (Full stack trace provided for each issue identified)

Dynamic vs Dynamic+

Dynamic Assessment Dynamic+ Assessment 
Application Type Website Website or Web Service
WebInspect DAST Yes Yes
Authentication Yes Yes
Security expert review (including false positive removal) Yes Yes
Continuous Application Monitoring (subscriptions only) Yes Yes
Active IAST Optional Optional
Manual vulnerability testing No Yes
release-rel-2019-6-1-2130 | Tue Jun 11 14:13:41 PDT 2019
2130
release/rel-2019-6-1-2130
Tue Jun 11 14:13:41 PDT 2019